Crazy

[flashh4]

Jody that was another scan so can you do a OTL Fix for me !!

[flashh4]

Copy what is in black and paste it where it says it into the box "Paste script here" !!!

 

 

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {16D652B0-1CAD-0B00-2F85-3A0DF53664D3}
IE:64bit: - HKLM\..\SearchScopes\{16D652B0-1CAD-0B00-2F85-3A0DF53664D3}: "URL" = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0DtBzyzz0E0FzzyB0A0AtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1534466828&ir=
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EE3A044A-170D-4A88-9B67-725E37447868}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\SearchScopes\58933C5418CA454986CAEE119AB3D61B: "URL" = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0DtBzyzz0E0FzzyB0A0AtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1534466828&ir=
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
[2013/09/25 07:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Extensions
[2013/12/07 15:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions
[2013/12/07 15:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\staged
[2013/10/22 12:29:14 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\firefox@batbrowse.com.xpi
[2013/11/15 20:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/15 20:28:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O4 - HKU\S-1-5-21-1542719066-136312105-2333243138-1000..\Run: [SpeedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O1364bit: - gopher Prefix: missing
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
[2013/12/07 14:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2013/12/07 13:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2013/12/07 15:56:07 | 000,000,410 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/12/07 14:53:50 | 000,000,434 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Updates.job
[2013/12/07 14:53:50 | 000,000,402 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job
[2013/12/07 13:13:45 | 000,000,933 | ---- | M] () -- C:\Users\Bud\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/12/07 13:13:44 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk
[2013/12/07 13:44:11 | 000,000,402 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job
[2013/12/07 13:43:51 | 000,000,434 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro Updates.job
[2013/12/07 13:13:42 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk


:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

 

 

 Then click Run The Fix !

 

 

Run The Fix !




 

[flashh4]

So open OTL on your desk top & copy & paste above into your OTL program !

[JODY]

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{16D652B0-1CAD-0B00-2F85-3A0DF53664D3}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16D652B0-1CAD-0B00-2F85-3A0DF53664D3}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE3A044A-170D-4A88-9B67-725E37447868}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE3A044A-170D-4A88-9B67-725E37447868}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-1542719066-136312105-2333243138-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1542719066-136312105-2333243138-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-1542719066-136312105-2333243138-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Extensions folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\{7bdd2f66-8e76-41ec-9628-8685d42a25b5}\components folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\{7bdd2f66-8e76-41ec-9628-8685d42a25b5}\chrome\PublisherImages folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\{7bdd2f66-8e76-41ec-9628-8685d42a25b5}\chrome\images folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\{7bdd2f66-8e76-41ec-9628-8685d42a25b5}\chrome folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\{7bdd2f66-8e76-41ec-9628-8685d42a25b5} folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected]\chrome\content\inline folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected]\chrome\content\images folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected]\chrome\content folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected]\chrome folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected] folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected]\chrome\content folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected]\chrome folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected] folder moved successfully.

C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions folder moved successfully.

Folder C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\staged\ not found.

File C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected] not found.

C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.

Registry value HKEY_USERS\S-1-5-21-1542719066-136312105-2333243138-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedItupFree deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

C:\ProgramData\PC Optimizer Pro\LOGS folder moved successfully.

C:\ProgramData\PC Optimizer Pro folder moved successfully.

Folder C:\Program Files\PC Optimizer Pro\ not found.

C:\Windows\Tasks\PC Optimizer Pro64 startups.job moved successfully.

C:\Windows\Tasks\PC Optimizer Pro Updates.job moved successfully.

C:\Windows\Tasks\PC Optimizer Pro64 Scan.job moved successfully.

C:\Users\Bud\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk moved successfully.

File C:\Users\Public\Desktop\PC Optimizer Pro.lnk not found.

File C:\windows\tasks\PC Optimizer Pro64 Scan.job not found.

File C:\windows\tasks\PC Optimizer Pro Updates.job not found.

File C:\Users\Public\Desktop\PC Optimizer Pro.lnk not found.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: Administrator

 

User: All Users

 

User: Bud

->Java cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: Public

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Bud

->Flash cache emptied: 3549 bytes

 

User: Default

 

User: Default User

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Bud

->Temp folder emptied: 341669406 bytes

->Temporary Internet Files folder emptied: 158802017 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 27329064 bytes

->Google Chrome cache emptied: 522230826 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 106579487 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 3650 bytes

 

Total Files Cleaned = 1,103.00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 12082013_112535

 

Files\Folders moved on Reboot...

C:\Users\Bud\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Bud\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

[flashh4]

Good job Jody thats what i wanted ...... brb with another fix !!

 

Are the pop-ups still comming ?????

 

Chuck

[JODY]

How do I copy & not get the blue included.

[JODY]

No the pop ups aren't there. There was a tab that was running when I got on the internet. I just x them out.

[flashh4]

Ok re-boot & see if they are still there ??? Lets hope no pop-ups ??

 

Is that tab still there not sure what that is your talking about ??

Can you tell me what those tabs are ??

 

Chuck

[JODY]

They r gone.

[flashh4]

Jody, thats great !! Ok lets wrap this up then !!

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

 

 

***********************************

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

 *From within Internet Explorer click on the Tools menu and then click on Options.
 *Click once on the Security tab
 *Click once on the Internet icon so it becomes highlighted.
 *Click once on the Custom Level button.
 *Change the Download signed ActiveX controls to Prompt
 *Change the Download unsigned ActiveX controls to Disable
 *Change the Initialize and script ActiveX controls not marked as safe to Disable
 *Change the Installation of desktop items to Prompt
 *Change the Launching programs and files in an IFRAME to Prompt
 *Change the Navigate sub-frames across different domains to Prompt
 *When all these settings have been made, click on the OK button.
 *If it prompts you as to whether or not you want to save the settings, press the Yes button.
 *Next press the Apply button and then the OK to exit the Internet Properties page.

==========================

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

   NoScript
   AdBlockPlus

=============================

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

=============================

Free Anti-Virus

  Avast Free Antivirus
  Avira Free Antivirus 2013
  PC Tools AntiVirus Free
  Ad-Aware Free Antivirus

========================

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

 Online Armor Free
 Agnitum Outpost Firewall Free
 Comodo Firewall

=======================

Make sure you keep your Windows OS current. Windows XP users can visit  Windows update default.asp regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

=======================

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

==========================

WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

==========================

If you are behind on some updates, please visit the http://secunia.com/vulnerability_scanning/online/]Secunia Software Inspector    
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

==========================

I also recommend that you read the following:
How to prevent malware by miekiemoes

==========================

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck


Let me know if that solved your problems ????

[flashh4]

Seeing this problem has been resolved i will lock this topic !! If you need it re-opened please PM me or another mod !

 

Thanks

Chuck